File name: | 38aaf91fc7ae661bd7c5c198cc948652-3802.docx |
Full analysis: | https://app.any.run/tasks/0e8f0a2f-f323-474f-afb5-bf2139a9fd9c |
Verdict: | Malicious activity |
Analysis date: | November 15, 2018, 01:57:37 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 38AAF91FC7AE661BD7C5C198CC948652 |
SHA1: | 9080B9E59DD13F51ADD7FDA71F2485A360CAA383 |
SHA256: | 873B0D63B8C9B9928E262E58D2C1AF2E2F2CBF180010EF0F839F5A4335CCD9D1 |
SSDEEP: | 6144:EJtpbPsA0GBWhCi+dcFmAfjZfefmV+5vk8QEhBy:EJtNFBWhCfcFT1fefZNi |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
Description: | - |
---|---|
Creator: | dell |
Subject: | - |
Title: | - |
ModifyDate: | 2016:08:19 07:26:00Z |
---|---|
CreateDate: | 2016:08:19 07:26:00Z |
RevisionNumber: | 2 |
LastModifiedBy: | dell |
Keywords: | - |
AppVersion: | 15 |
HyperlinksChanged: | No |
SharedDoc: | No |
CharactersWithSpaces: | 1 |
LinksUpToDate: | No |
Company: | - |
TitlesOfParts: | - |
HeadingPairs: |
|
ScaleCrop: | No |
Paragraphs: | 1 |
Lines: | 1 |
DocSecurity: | None |
Application: | Microsoft Office Word |
Characters: | 1 |
Words: | - |
Pages: | 1 |
TotalEditTime: | - |
Template: | Normal.dotm |
ZipFileName: | docProps/app.xml |
---|---|
ZipUncompressedSize: | 983 |
ZipCompressedSize: | 459 |
ZipCRC: | 0xd33535b5 |
ZipModifyDate: | 1980:01:01 00:00:00 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0800 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3268 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\38aaf91fc7ae661bd7c5c198cc948652-3802.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
3384 | "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\FLTLDR.EXE" C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\FLTLDR.EXE | — | WINWORD.EXE |
User: admin Integrity Level: LOW Exit code: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3268 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR9C93.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3268 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\938D8EFD\00000001 | — | |
MD5:— | SHA256:— | |||
3268 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\53DEA16C.eps | — | |
MD5:— | SHA256:— | |||
3268 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\OICE_50A0D09D-50C1-47EC-A456-29E0FB5ED57D.0\FLA185.tmp | — | |
MD5:— | SHA256:— | |||
3384 | FLTLDR.EXE | C:\Users\admin\AppData\Local\Temp\OICE_50A0D09D-50C1-47EC-A456-29E0FB5ED57D.0\plugin.dll | — | |
MD5:— | SHA256:— | |||
3268 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$aaf91fc7ae661bd7c5c198cc948652-3802.docx | pgc | |
MD5:7432CCF7EF61A481DDD22D7318847A12 | SHA256:B5B34D5BE5333C128131AEACE1E2E617E8C1ECFFB33081B83D8112C508D8021D | |||
3268 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:EC564778416A9044826F739AD10375CF | SHA256:CC3266B071933269ACC13E96D4F790189AC068B788BBA7F86EF90B7FBF4EB723 |